Splunk Enterprise Security

Why am I unable to match the 1st Dropdown List going to 2nd DropDown list using XML coding?

atulod1
New Member

Hi

I would like to ask for help regarding how to match the first dropdown list to the 2nd dropdown list. Here the below is my XML coding.

Payment Requirements -Customed Dashboard

<input type="dropdown" token="tokServer" searchWhenChanged="True">
  <label>Organization Environment</label>
  <fieldForLabel>ServerEnvironment</fieldForLabel>
  <fieldForValue>ServerEnvironment</fieldForValue>
  <search>
    <query>
    | inputlookup server_mapping_list.csv | field ServerEnviroment | dedup ServerEnviroment 

    </query>
     <earliest>-24@h</earliest>
     <latest>now</latest>
     </search>
     <choice value="ServerEnv1"> ServerEnv1</choice>
     <choice value="ServerEnv2"> ServerEnv2</choice>
     <choice value="ServerEnv3"> ServerEnv3</choice>
     <choice value=" ServerEnv4"> ServerEnv4</choice>
     <choice value="ServerEnv5"> ServerEnv5</choice>
      </input>
<input type="dropdown" token="tokPCI" searchWhenChanged="True">
  <label>PCI Requirements</label>
  <fieldForLabel>PCIReq10</fieldForLabel>
  <fieldForValue>PCIReq10</fieldForValue>
  <search>
    <query>
     | inputlookup server_mapping_list.csv | sort  ServerEnviroment ="$tokServer$"
     | makemv delim="," PCIReq10| mvexpand PCIReq10 | table PCIReq10 
      </query>
      <earliest>-24@h</earliest>
    <latest>now</latest>
  </search>
</input>

Here is inputlookup that I created (server_mapping_list.csv)

PCIReq10                    ServerEnvironment
10.2.2                          ServerEnv2, ServerEnv5
10.2.2(SQ01)        ServerEnv3
10.2.2(SQ03)        ServerEnv3
10.2.3          ServerEnv1, ServerEnv4, ServerEnv5
10.2.4          ServerEnv1, ServerEnv3, ServerEnv4, ServerEnv5
10.2.5a         ServerEnv1, ServerEnv4, ServerEnv5
10.2.5b         ServerEnv5
10.2.5c         ServerEnv5

Here is the exact output will come up.
If I choose

ServerEnv1 on the first dropdown list   then 2nd dropdown list, the default will be is 10.2.3, 10.2.4 and 10.2.5a
ServerEnv2 on the first dropdown list then 2nd dropdown list, the default will be 10.2.2
ServerEnv3 on the first dropdown list then 2nd dropdown list, the default will be 10.2.2(SQ01), 10.2.2(SQ03)
ServerEnv4 on the first dropdown list then on the 2nd dropdown list, the default will be 10.2.2, 10.2.3, 10.2.4, and 10.2.5a
ServerEnv5 on the first dropdown list, then on the 2nd dropdown list, the default will be 10.2.2, 10.2.3, 10.2.4, 10.2.5a, 10.2.5b, 10.2.5c

Hoping you can correct my code. Thanks in advance

0 Karma
Did you miss .conf21 Virtual?

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!